SolarWinds urges users to patch Microsoft-discovered security vulnerability

Microsoft logo
Microsoft logo (Image credit: Daniel Rubino / Windows Central)

What you need to know

  • For most of 2021, SolarWinds has been at the center of a massive cyber attack and the media coverage surrounding it.
  • Microsoft has discovered a new SolarWinds vulnerability, further extending the aforementioned troubles.
  • SolarWinds is urging customers to take its patch before it's too late.

SolarWinds cannot catch a break. From the start of 2021 onward, it's been at the core of news coverage regarding an attack Microsoft's president Brad Smith has referred to as "[...] The largest and most sophisticated attack the world has ever seen." And now, it's back in the news because Microsoft has discovered a serious security vulnerability with its Serv-U Managed File Transfer Server and Serv-U Secured FTP Server (via BleepingComputer).

Here's how SolarWinds describes the threat: "The vulnerability exists in the latest Serv-U version 15.2.3 HF1 released May 5, 2021, and all prior versions. A threat actor who successfully exploited this vulnerability could run arbitrary code with privileges. An attacker could then install programs; view, change, or delete data; or run programs on the affected system."

SolarWinds recommends installing its freshly deployed hotfix immediately to prevent the vulnerability from causing undue headaches. If you've been following the news, you'll know the past few months of its operations have featured more than enough undue headaches due to vulnerabilities and unpatched systems.

SolarWinds is not alone in the current sweep of less-than-ideal media attention toward IT infrastructure software development companies. Kaseya also recently received a one-two punch from threat actors intent on stirring the pot, once again with Microsoft attached to the discussion.

Perhaps SolarWinds will have a quiet final quarter of 2021, one devoid of issues. Until then, if you're an affected customer utilizing Serv-U 15.2.3 HF1 or any prior Serv-U iterations, grab the hotfix linked above and stay protected.

CATEGORIES
Robert Carnevale

Robert Carnevale is the News Editor for Windows Central. He's a big fan of Kinect (it lives on in his heart), Sonic the Hedgehog, and the legendary intersection of those two titans, Sonic Free Riders. He is the author of Cold War 2395. Have a useful tip? Send it to robert.carnevale@futurenet.com.

Read more
Binary code displayed on a laptop screen and Guy Fawkes mask are seen in this illustration photo.
Microsoft blocks critical Secure Boot loophole after over 7 months — fortifying Windows 11 against sophisticated firmware attacks camouflaged as verified UEFI apps
Windows Update
Unable to install security updates after freshly installing Windows 11? You're not alone
Apple Store in Bangkok, Thailand
Microsoft flags macOS bug — remotely bypassing Apple's sophisticated System Integrity Protection (SIP) security solution and allowing unauthorized third-party rootkit installs
Surface Pro 11
New Surface Pro details emerge as Microsoft prepares to downgrade Windows 10 and OpenAI is accused of cheating on AI benchmarks
Windows Updates
Windows 11 Patch Tuesday Update adds multi-app camera feature and addresses security issues
Microsoft sign at an event
Microsoft to make performance-based job cuts across departments, including security, impacting "less than 1%" of the workforce
Latest in Microsoft
Cloud servers
Microsoft has killed "several" data center projects in the U.S. and Europe, according to reports — Microsoft responds (Updated)
Steve Ballmer and Bill Gates, former CEOs of Microsoft.
Bill Gates says Satya Nadella almost missed the cut for CEO of Microsoft — Even with Steve Ballmer's support
HP Reverb G2 VR headset
Was Windows Mixed Reality as bad as I remember? I look back at the failed VR platform that was ahead of its time.
Microsoft Majorana 1 chip designed for quantum computing
Microsoft dismisses quantum computing skepticism: "There is a century-old scientific process established by the American Physical Society for resolving disputes"
The Microsoft logo on a smartphone and laptop arranged in Crockett, California, US, on Friday, Dec. 29, 2023.
"Would you say there is a reasonable balance between what you contribute to Microsoft and what you get in return?" Two-thirds of Microsoft employees say YES — as AI engineers get preferential compensation packages.
Like a Dragon Pirate Yakuza in Hawaii screenshot
Microsoft blocks (some) Windows 11 pirates while Lenovo steals the show at Mobile World Congress
Latest in News
Cloud servers
Microsoft has killed "several" data center projects in the U.S. and Europe, according to reports — Microsoft responds (Updated)
Photo of Microsoft's new sign-in page for Xbox.com using the Microsoft Edge browser.
Over one billion users will get a new Microsoft user experience, and it has a dark mode
The Thing: Remastered key art
The Thing comes to Xbox Cloud Gaming's "Stream Your Own Game" library alongside other new arrivals
Promotional screenshot of heroes fighting a giant in Pillars of Eternity
Obsidian's classic Baldur's Gate successor 'Pillars of Eternity' is getting a surprise turn-based mode later this year, alongside other updates
Atomfall
Atomfall reviews and Metacritic scores are in: Here's a roundup of what everyone's saying about this new Game Pass survival game
Screenshot of one of the new flat world presets in Minecraft.
Minecraft testing new flat world presets and a better way to locate your friends in-game